Merge pull request #2110 from GSA/Fixing_verify_email_again

Re-fixing the verify email step.
2026-02-05 02:42:26 -05:00 · 2024-11-13 14:48:40 -05:00
parent a95138f344 683bf893c1
commit 0091fd0b31
1 changed files with 4 additions and 7 deletions
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -108,18 +108,15 @@ def _do_login_dot_gov():  # $ pragma: no cover
        )
        raise Exception(f"Could not login with login.gov {login_gov_error}")
    elif code and state:
-        try:
+        verify_key = f"login-verify_email-{unquote(state)}"
+        verify_path = bool(redis_client.get(verify_key))
+
+        if not verify_path:
            state_key = f"login-state-{unquote(state)}"
            stored_state = unquote(redis_client.get(state_key).decode("utf8"))
            if state != stored_state:
                current_app.logger.error(f"State Error: {state} != {stored_state}")
                abort(403)
-        except AttributeError:  # There is no stored state
-            verify_key = f"login-verify_email-{unquote(state)}"
-            verify_path = bool(redis_client.get(verify_key))
-            if not verify_path:
-                current_app.logger.error("Not verify_email path, no state found.")
-                abort(403)

        # activate the user
        try: